www.ducks.org
Open in
urlscan Pro
104.214.108.93
Public Scan
Submitted URL: http://portal.criticalimpact.com/go.cfm?a=1&eid=eca5043aa4ddde74a6473c7b9fa19141&c=25997&jid=fb49ebe36dfab8423947229f28c3afba&d=c...
Effective URL: https://www.ducks.org/support/yearend/ye2021/donateOnlineSecure.aspx?promoKey=YearEnd21&memberkey=Z01778184&ID=11436&p...
Submission: On December 02 via manual from US — Scanned from DE
Effective URL: https://www.ducks.org/support/yearend/ye2021/donateOnlineSecure.aspx?promoKey=YearEnd21&memberkey=Z01778184&ID=11436&p...
Submission: On December 02 via manual from US — Scanned from DE
Summary
This website contacted 16 IPs
in 4 countries
across 15 domains to perform 57 HTTP transactions.
The main IP is 104.214.108.93, located in
San Antonio, United States and
belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US.
The main domain is www.ducks.org.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 20th 2020. Valid for: a year.
This is the only time www.ducks.org was scanned on urlscan.io!
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 20th 2020. Valid for: a year.
This is the only time www.ducks.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
1
199.167.225.41
(United States)
ASN174 (COGENT-174, US)
PTR: c41.criticalimpactinc.com
ASN174 (COGENT-174, US)
PTR: c41.criticalimpactinc.com
| portal.criticalimpact.com |
13
104.214.108.93
(San Antonio, United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| www.ducks.org |
1
2.18.233.88
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-88.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-88.deploy.static.akamaitechnologies.com
| eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com |
23
13.85.88.16
(San Antonio, United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| duckscdn.blob.core.windows.net |
1
104.111.226.159
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-226-159.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-226-159.deploy.static.akamaitechnologies.com
| c3321060.ssl.cf0.rackcdn.com |
2
2620:119:50e7:101::9002:e05
(San Francisco, United States)
ASN14413 (LINKEDIN, US)
ASN14413 (LINKEDIN, US)
| px.ads.linkedin.com |
1
108.174.10.14
(United States)
ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com
ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com
| px4.ads.linkedin.com |
1
54.228.37.50
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-37-50.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-37-50.eu-west-1.compute.amazonaws.com
| d.adroll.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 23 |
windows.net
duckscdn.blob.core.windows.net |
2 MB |
| 13 |
ducks.org
www.ducks.org |
159 KB |
| 9 |
adroll.com
2 redirects
s.adroll.com d.adroll.com |
77 KB |
| 4 |
linkedin.com
3 redirects
px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com |
3 KB |
| 2 |
gstatic.com
fonts.gstatic.com |
31 KB |
| 2 |
doubleclick.net
1 redirects
stats.g.doubleclick.net |
17 KB |
| 2 |
hellobar.com
my.hellobar.com |
82 KB |
| 2 |
rackcdn.com
eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com c3321060.ssl.cf0.rackcdn.com |
11 KB |
| 2 |
googleapis.com
ajax.googleapis.com fonts.googleapis.com |
31 KB |
| 1 |
mousestats.com
ssl.mousestats.com |
6 KB |
| 1 |
google.de
www.google.de |
501 B |
| 1 |
google.com
1 redirects
www.google.com |
577 B |
| 1 |
licdn.com
snap.licdn.com |
2 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com |
50 KB |
| 1 |
criticalimpact.com
1 redirects
portal.criticalimpact.com |
978 B |
| 57 | 15 |
| Domain | Requested by | |
|---|---|---|
| 23 | duckscdn.blob.core.windows.net |
www.ducks.org
|
| 13 | www.ducks.org |
www.ducks.org
|
| 8 | s.adroll.com |
2 redirects
www.ducks.org
s.adroll.com |
| 2 | px.ads.linkedin.com | 2 redirects |
| 2 | fonts.gstatic.com |
fonts.googleapis.com
|
| 2 | stats.g.doubleclick.net |
1 redirects
www.ducks.org
|
| 2 | my.hellobar.com |
www.ducks.org
my.hellobar.com |
| 1 | d.adroll.com |
s.adroll.com
|
| 1 | ssl.mousestats.com |
www.ducks.org
|
| 1 | px4.ads.linkedin.com |
www.ducks.org
|
| 1 | www.linkedin.com | 1 redirects |
| 1 | www.google.de |
www.ducks.org
|
| 1 | www.google.com | 1 redirects |
| 1 | snap.licdn.com |
www.ducks.org
|
| 1 | fonts.googleapis.com |
www.ducks.org
|
| 1 | c3321060.ssl.cf0.rackcdn.com |
www.ducks.org
|
| 1 | cdnjs.cloudflare.com |
www.ducks.org
|
| 1 | eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com |
www.ducks.org
|
| 1 | ajax.googleapis.com |
www.ducks.org
|
| 1 | portal.criticalimpact.com | 1 redirects |
| 57 | 20 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| duckscdn.blob.core.windows.net |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.ducks.org DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-20 - 2021-12-21 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
| *.ssl.cf1.rackcdn.com DigiCert SHA2 Secure Server CA |
2021-06-29 - 2022-07-07 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-10-25 - 2022-10-24 |
a year | crt.sh |
| *.blob.core.windows.net Microsoft RSA TLS CA 02 |
2021-11-11 - 2022-11-11 |
a year | crt.sh |
| *.ssl.cf0.rackcdn.com DigiCert SHA2 Secure Server CA |
2021-03-22 - 2022-03-30 |
a year | crt.sh |
| *.g.doubleclick.net GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2021-11-01 - 2022-01-24 |
3 months | crt.sh |
| *.licdn.com DigiCert SHA2 Secure Server CA |
2021-07-15 - 2022-07-20 |
a year | crt.sh |
| s.adroll.com Amazon |
2021-08-02 - 2022-08-31 |
a year | crt.sh |
| adroll.mgr.consensu.org Amazon |
2021-09-09 - 2022-10-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.ducks.org/support/yearend/ye2021/donateOnlineSecure.aspx?promoKey=YearEnd21&memberkey=Z01778184&ID=11436&poe=yearenddec1
Frame ID: 1579459613A601BD1259BEA98A62F1B2
Requests: 57 HTTP requests in this frame
Screenshot
Page Title
Your Year-End Gift Makes the World a Better Place for Waterfowl, Wildlife, and PeoplePage URL History Show full URLs
-
http://portal.criticalimpact.com/go.cfm?a=1&eid=eca5043aa4ddde74a6473c7b9fa19141&c=25997&jid=fb49ebe36dfab842...
HTTP 302
https://www.ducks.org/support/yearend/ye2021/donateOnlineSecure.aspx?promoKey=YearEnd21&memberkey=... Page URL
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-1-Large.jpg?cb=3
Title: View larger image (opens in new window)
Title: View larger image (opens in new window)
Search URL Search Domain Scan URL
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-2-Large.jpg?cb=3
Title: View larger image (opens in new window)
Title: View larger image (opens in new window)
Search URL Search Domain Scan URL
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-3-Large.jpg?cb=3
Title: View larger image (opens in new window)
Title: View larger image (opens in new window)
Search URL Search Domain Scan URL
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-4-Large.jpg?cb=3
Title: View larger image (opens in new window)
Title: View larger image (opens in new window)
Search URL Search Domain Scan URL
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-5-Large.jpg?cb=3
Title: View large image of all items (opens in new window)
Title: View large image of all items (opens in new window)
Search URL Search Domain Scan URL
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-6-Large.jpg?cb=3
Title: View large image of all items (opens in new window)
Title: View large image of all items (opens in new window)
Search URL Search Domain Scan URL
URL: https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/Tier-7-Large.jpg?cb=3
Title: View large image of all items (opens in new window)
Title: View large image of all items (opens in new window)
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://portal.criticalimpact.com/go.cfm?a=1&eid=eca5043aa4ddde74a6473c7b9fa19141&c=25997&jid=fb49ebe36dfab8423947229f28c3afba&d=c1f60d2cbb84ac2aa6473c7b9fa19141&u=https://www.ducks.org/support/yearend/ye2021/donateOnlineSecure.aspx?promoKey=YearEnd21&memberkey=Z01778184&ID=11436&poe=yearenddec1
HTTP 302
https://www.ducks.org/support/yearend/ye2021/donateOnlineSecure.aspx?promoKey=YearEnd21&memberkey=Z01778184&ID=11436&poe=yearenddec1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 45- https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1769047753&utmhn=www.ducks.org&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Your%20Year-End%20Gift%20Makes%20the%20World%20a%20Better%20Place%20for%20Waterfowl%2C%20Wildlife%2C%20and%20People&utmhid=1356043088&utmr=-&utmp=%2Fsupport%2Fyearend%2Fye2021%2FdonateOnlineSecure.aspx%3FpromoKey%3DYearEnd21%26memberkey%3DZ01778184%26ID%3D11436%26poe%3Dyearenddec1&utmht=1638469220123&utmac=UA-171220-3&utmcc=__utma%3D263391129.87760211.1638469220.1638469220.1638469220.1%3B%2B__utmz%3D263391129.1638469220.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1555289879&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=87760211.1638469220&jid=1555289879&_v=5.7.2dc&z=1769047753 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=87760211.1638469220&jid=1555289879&_v=5.7.2dc&z=1769047753&slf_rd=1&random=3976428185
- https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&time=1638469220144&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2Fyearend%2Fye2021%2FdonateOnlineSecure.aspx%3FpromoKey%3DYearEnd21%26memberkey%3DZ01778184%26ID%3D11436%26poe%3Dyearenddec1 HTTP 302
- https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432634%26time%3D1638469220144%26url%3Dhttps%253A%252F%252Fwww.ducks.org%252Fsupport%252Fyearend%252Fye2021%252FdonateOnlineSecure.aspx%253FpromoKey%253DYearEnd21%2526memberkey%253DZ01778184%2526ID%253D11436%2526poe%253Dyearenddec1%26liSync%3Dtrue HTTP 302
- https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&time=1638469220144&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2Fyearend%2Fye2021%2FdonateOnlineSecure.aspx%3FpromoKey%3DYearEnd21%26memberkey%3DZ01778184%26ID%3D11436%26poe%3Dyearenddec1&liSync=true HTTP 302
- https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&time=1638469220144&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2Fyearend%2Fye2021%2FdonateOnlineSecure.aspx%3FpromoKey%3DYearEnd21%26memberkey%3DZ01778184%26ID%3D11436%26poe%3Dyearenddec1&liSync=true&e_ipv6=AQI64B5LVrEAKAAAAX18YDy0R5FZBmn9iiWbEzB1_2FStkJnKzR-8HneGCt27aV8ZneDG4Ku
- https://s.adroll.com/j/exp/Q436PDLHZJCSPKEHSGJZ52/index.js HTTP 302
- https://s.adroll.com/j/exp/index.js
- https://s.adroll.com/j/pre/Q436PDLHZJCSPKEHSGJZ52/GILUZAHEEFAFPJFNHN3ZBH/fpconsent.js HTTP 302
- https://s.adroll.com/j/pre/index.js
57 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
donateOnlineSecure.aspx
www.ducks.org/support/yearend/ye2021/ Redirect Chain
|
123 KB 46 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-color.js
eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com/fundraising-legacy/ |
19 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
6b3a1a5d169fdb4d107f86a6269a5d3cebceb605.js
my.hellobar.com/ |
68 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.range.css
www.ducks.org/support/resources/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.css
www.ducks.org/Portals/_default/Skins/Ducks.org/css/ |
118 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
skin.css
www.ducks.org/Portals/_default/Skins/Ducks.org/ |
72 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fundraising.css
www.ducks.org/support/resources/css/ |
23 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
overrides.css
www.ducks.org/support/yearend/ye2021/ |
3 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
yearEnd.js
www.ducks.org/support/yearend/ye2021/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bootstrap.min.js
www.ducks.org/support/resources/js/ |
36 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
classie.js
www.ducks.org/support/resources/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
skin.js
www.ducks.org/support/resources/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Chart.bundle.min.js
cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/ |
197 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fundraising.js
www.ducks.org/support/resources/js/ |
79 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.range-min.js
www.ducks.org/support/resources/js/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
date.js
www.ducks.org/support/resources/js/ |
38 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-1-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
86 KB 86 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-2-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
84 KB 85 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-3-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
53 KB 54 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-4-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
94 KB 94 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-5-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
89 KB 89 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-6-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
92 KB 93 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-7-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
101 KB 101 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-1-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
99 KB 99 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-2-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
91 KB 92 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-3-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
45 KB 46 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-4-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
104 KB 105 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-5-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
101 KB 101 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-6-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
108 KB 108 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-7-Medium.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
112 KB 113 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ccTypes.png
c3321060.ssl.cf0.rackcdn.com/fundraising/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-1-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
86 KB 86 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-2-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
84 KB 85 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-3-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
53 KB 54 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-4-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
94 KB 94 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-5-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
89 KB 89 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-6-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
92 KB 93 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Tier-7-Small.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/yearEnd/2021/ |
101 KB 101 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dc.js
stats.g.doubleclick.net/ |
45 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo-green-on-white.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2019/ |
47 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lock.png
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2019/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
insight.min.js
snap.licdn.com/li.lms-analytics/ |
5 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ga-audiences
www.google.de/ads/ Redirect Chain
|
42 B 501 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
collect
px4.ads.linkedin.com/ Redirect Chain
|
0 155 B |
Image
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
modules.js
my.hellobar.com/ |
251 KB 73 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
roundtrip.js
s.adroll.com/j/ |
47 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
5160370059471224765.js
ssl.mousestats.com/js/5/1/ |
23 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/exp/ Redirect Chain
|
28 B 762 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/pre/ Redirect Chain
|
0 732 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/pre/Q436PDLHZJCSPKEHSGJZ52/GILUZAHEEFAFPJFNHN3ZBH/ |
4 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Q436PDLHZJCSPKEHSGJZ52
d.adroll.com/consent/check/ |
386 B 479 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
consent_tcfv2.js
s.adroll.com/j/ |
391 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
nextroll-32x32.png
s.adroll.com/i/favicon/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
181 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery boolean| isAparrel object| mediaItemsClientArray number| recurringSliderMin number| recurringSliderMax number| recurringSliderStep number| recurringBillDateDayRange string| recurringCurrentDate number| recurringNextBillDayDefaultDay boolean| isPoc number| minDon string| userFirstName function| AdjustForm function| ShowMobileTiers function| HideMobileTiers function| PremiumOptOutCheckChanged function| txtOtherAmount_OnTextChanged function| ToggleMobileGiftArray function| OnGiftLevelChange function| ClearGiftSelection function| SetSelectedGift function| ScrollTo function| GetBreakpoint object| _gaq object| classie number| vpw number| vph string| bp boolean| isInEdit function| Init function| IsInEditMode function| AnimateHeader function| SetMobileMenuHeight function| CreateRibbons function| Color function| Chart boolean| isDuEfficienctChartActivated undefined| friendlyBillDate object| longMonths boolean| isCanada number| socialProofScrollThreshTop boolean| isSocialProofAboveThresh object| dfHomeStr number| quantitySelectedIndex function| UpdateUrlToComplete function| SetPaymentDetailMode boolean| isStarted boolean| isStopped function| DoSocialProof function| DoSocialProofNext function| DoSocialProofDisplay function| getRandomInt function| PopulateSwiper function| initPocMap function| ConfirmationMap function| geocodeAddress function| DisableButton function| UpdateSubmitButtonText function| NumbersOnly function| SwitchGiftAmount function| SetCountryView function| ShowRequired function| SetPremiumOptOutView function| OptOutFreeGift function| OnHonorMemoryClick function| CheckCreditCard function| GetCreditCardType function| AdditionalAmountListener function| AddAdditionalAmount function| RemoveAdditionalAmount function| AddUpsell function| RemoveItem function| HtmlEncode function| HtmlDecode function| GetSizes function| GetUpsellAmount function| SideMediaSwitch number| numberOfImages function| ModalMediaSwitch function| AttachModalPrev function| AttachModalNext function| StopVideo function| AdjustSizeOptions number| currentMediaItemIndex function| InitMediaItemsViewer function| ShowMediaItem function| HideMediaItem function| GetNextMediaItemIndex function| DrawMediaItemsNavGlance function| toggleReadMore function| showModal function| parseSizeSelectionsForDisplay function| ShowEditSizesModal function| ToggleRecurringDaySelection function| SetBillDay function| CalculateNextBillingDate function| UpdateRecurringInfoBlurb function| ToggleRecurringInfoBlurb function| ShowRecurringModal function| CheckRecurringOtherAmount function| RemoveRecurringOtherAmount function| ShowRecurringModalStep function| ToggleAlternateShipping function| ShowShippingAddressInformation function| PopulateConfirmMediaItem function| InitGiftView function| ShowOtherAmount function| PdToggle function| animateDuEfficiencyChart function| ToggleHonorMemory function| showHmsaFormSection function| CountCharacterLength function| GetMapStyle function| UpdateFlagSign object| relationships number| currentFamilyMemberInputRowIndex boolean| isMobileFirst boolean| isPostBack number| memberFieldsTabIndexStart number| memberFieldsTabIndexIncrementer function| drawFamilyMemberInputRowsBS function| drawFamilyMemberInputRowWrapper function| deleteFamilyMemberInputRow function| saveFamilyMembersInputData function| validateFamilyMemberInputRowField function| initFamilyMemberData function| getFamilyMemberData function| addFamilyMemberInputRowBS function| togglePaymentType function| objExists string| adroll_adv_id string| adroll_pix_id object| MouseStats_Commands string| _linkedin_partner_id object| _linkedin_data_partner_ids number| width string| r object| _gat object| gaGlobal function| lintrk boolean| _already_called_lintrk function| bootstrap object| hellobarSiteSettings object| script object| regeneratorRuntime function| hellobar boolean| __adroll_loaded string| adroll_sid object| dataLayer object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback object| adroll_exp_list object| __adroll_consent_data string| mousestats_project string| mousestats_playbackProject object| mousestats_formAnalyticsProject string| mousestats_microSurveysProject string| mousestats_Site string| mousestats_xadd object| MouseStatsSharedControl object| MouseStatsVisitorPlaybacks function| __cmp function| __tcfapi object| __adroll_consent boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country object| $jscomp string| BANNER_VERSION string| TCF_VERSION string| IABWRITE_NO_COOKIE object| __adroll_consent_banner boolean| __adroll_consent_prev_lastchild24 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| portal.criticalimpact.com/ | Name: JSESSIONIDTC1 Value: EF616B996BD0318D9C9B9BC7484D6792 |
|
| portal.criticalimpact.com/ | Name: cfid Value: c801d0d9-7a20-4457-bcfe-5782695174bf |
|
| portal.criticalimpact.com/ | Name: cftoken Value: 0 |
|
| portal.criticalimpact.com/ | Name: CF_CLIENT_TPORTALCRITICALIMPACTCOM_LV Value: 1638469219068 |
|
| portal.criticalimpact.com/ | Name: CF_CLIENT_TPORTALCRITICALIMPACTCOM_TC Value: 1638469219068 |
|
| portal.criticalimpact.com/ | Name: CF_CLIENT_TPORTALCRITICALIMPACTCOM_HC Value: 2 |
|
| www.ducks.org/ | Name: ASP.NET_SessionId Value: fi0llr5vsoykdqxrkg4mh0el |
|
| www.ducks.org/ | Name: ReferringUrl Value: UNKNOWN |
|
| www.ducks.org/ | Name: DU_SESSION_VIEW_COUNT Value: 1 |
|
| .ducks.org/ | Name: __utma Value: 263391129.87760211.1638469220.1638469220.1638469220.1 |
|
| .ducks.org/ | Name: __utmc Value: 263391129 |
|
| .ducks.org/ | Name: __utmz Value: 263391129.1638469220.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) |
|
| .ducks.org/ | Name: __utmt Value: 1 |
|
| .ducks.org/ | Name: __utmb Value: 263391129.1.10.1638469220 |
|
| .linkedin.com/ | Name: UserMatchHistory Value: AQJCLqZMkoT06QAAAX18YDsB-MfEIoVF3-RdlZTqZn4GvpBQZTVuQCXU5jwEMPUP68MaVz06Iyvomw |
|
| .linkedin.com/ | Name: AnalyticsSyncHistory Value: AQK8XbkTVfpdcwAAAX18YDsBemMehnb8mEWAeMfHs8eS3_QvBwsdVo1lvTb1v6o8O3weMq7ui24daI37bGJKkA |
|
| .ads.linkedin.com/ | Name: lang Value: v=2&lang=en-us |
|
| .linkedin.com/ | Name: bcookie Value: "v=2&63f648c9-9da4-4f93-8d00-e49ab85510f5" |
|
| .linkedin.com/ | Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2142:u=1:x=1:i=1638469221:t=1638555621:v=2:sig=AQEhAMpwrQVeD934dfzEfCz5m_SntUA1" |
|
| .linkedin.com/ | Name: lang Value: v=2&lang=de-de |
|
| .www.linkedin.com/ | Name: bscookie Value: "v=1&20211202182021d1cf3e54-a10b-43c3-85a1-adf803b13bdbAQGAa7Y-BM4n0pNY_igN1nT_vjc4cbXA" |
|
| .linkedin.com/ | Name: li_gc Value: MTswOzE2Mzg0NjkyMjE7MjswMjHph0BzaGa7PKICGh7iZ+PHFI59yXZI8TBkhf60BZXg+w== |
|
| .ducks.org/ | Name: mousestats_vi Value: 1d3f4176fd98e561ec3b |
|
| .ducks.org/ | Name: mousestats_si Value: 7ff02886724e68bbbae8 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
c3321060.ssl.cf0.rackcdn.com
cdnjs.cloudflare.com
d.adroll.com
duckscdn.blob.core.windows.net
eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com
fonts.googleapis.com
fonts.gstatic.com
my.hellobar.com
portal.criticalimpact.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.adroll.com
snap.licdn.com
ssl.mousestats.com
stats.g.doubleclick.net
www.ducks.org
www.google.com
www.google.de
www.linkedin.com
104.111.226.159
104.214.108.93
108.174.10.14
13.85.88.16
199.167.225.41
2.18.233.88
2600:9000:20eb:1200:6:9280:1080:93a1
2606:4700:10::6816:f17
2606:4700:3033::6815:3a5d
2606:4700::6810:125e
2620:119:50e7:101::9002:e05
2620:1ec:22::14
2a00:1450:4001:808::2004
2a00:1450:4001:80e::200a
2a00:1450:4001:812::2003
2a00:1450:4001:828::2003
2a00:1450:4001:82b::200a
2a00:1450:400c:c0d::9c
2a02:26f0:6c00::210:ba0a
54.228.37.50
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
05cafec40d83944e3cf355e201fbf1282ae1514051d68ae8e9e600105d70107b
09f48d18a97da0e8fb16ccdbb2a0d358dcf6edd4179499a4bf162872bd3034a5
0c6a8d72ecc81313edcc465bbd1821ac840df6e5a857c64f90bcc54f6087d33f
0e299602e0ed4e738b09ec17fbf970a39be1364e35fc242d6c4141cfb0fc58be
101826c1c97fdae61123b503c33be4279fc77a34cd74316854bd6c66761f4621
11535f173efd77b075d4598597c29d78ea555d8c749239413a8bb6b3a26028d6
14199bb4d5b09f1bc4cb4bcad0e9b6a329041b01d0117b969f575ef82a38a2fd
1c8eaa7cedf16633eafc3b5fd06c43d7df37493a648efaa5b02981853a344159
206743f5a27b61f302352bf4452f78f13aa34bee7589b306e24677dc3a3e875e
23ec660aeb7416f9d17b29372cf52d14ca8340c5667b9a7ece41935eac642033
26547cdcd25f384ec19c06da168c2574b502acc710908523303d191073182de2
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
3cfeff0a5915e33b9c0aea7510cb264962bbff814cf52c87193624a4eb8a45ad
41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea
51e16db90f9008657977b095468c11bb0b6c5635303bfa1b622b8c7d6730b5ca
5a4a5359110a773bd154da94c48ffd6a6233a29dfd5a9314555f5ae6c3e47459
614b1e0ca528c65ecdf411e4240a0d84a7f4191073a65668d65d59221cb0a6bb
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
6af066e6ba86e466d5d94d72e3a3100a41e27848869060e846916df5d13e8792
6b2ad954b50110be8fdc5d5b56be631b7567593d7716a46f82a93c1289dfc174
6eb3216ca52e93c44653ce9584fde28dc95b5034513f185467a02fd7278e78c6
7128340f4f9a3de9a1c9763d288ae489e3a35f04544afa839ee557c50a96f582
7208726b45ea71ca7fe9918b832539eda83d416c73416fe61a44447d3d667709
727060473e40d9ef493781629c2b84e142d46e913a0dc74c00d23a15a01aaef2
73dc6fa84ee73118c313a2b5b7b91f62e8f3611bf454e59777f4d8592c66a523
76959d6cac36aedea5844a0284e445f15256c0f5db7f869fcf0b21b7a22ec008
788e3752143f30d58a6a51831922b5acfabd34c26decddde28b1e67a52397813
7cec0fbdf8527b5bd28c2c491871e05bdf74942a983a2a1de0aff5a6fc11c140
880de7665b1aaa840303313deca3352af257d55aed4584d5e17f0fbffe0fde01
8cea32ba72200abe3237f21e07dd29ebf51e7fb9e5a57f7953a45689de4b484d
96e6370903ef9c928942904b217c4f37cbafde51795159bf827a811f4ee06623
9f8f10fd7d96f7ed0f0668b1d39ed151f02bf96def3ed28c71150c8dcc6656f6
9fd0c15ff4c7f1a4cdd01468119ddf33b36bdb9fd17476ad30da59c06cf48097
aed08cf0c963e98da7f66ce64fdf35ac5f2b779e212fb503ea2770edba97cdd7
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c0ea2b3556a26cb990d5e64375216354193da58ac881a7619515260ee95d01f4
c38393cbf09130aad4e4a218009d46c583b2bc17da5f34e70fce6b50fc969f53
c44713bb6da2b2e3888c87aaf07e4d7de9a0dd82eeea27c9436979c5c5bad684
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5a9f6da3b3c07d28e3a87f88ea1a30f0bb6b0cf4d6bc8f0056630a5dbf266c6
ea2d073ec1cf48ca93c269f8c0b5e5105ddbdc78b77f09458e8297f8c83a5703
ec06b9f253be4289dabb1de931009e356885fdcad0902fce011f49b9f7f680c2
ed7de7e85d643e689df0b4b6c375f57e3048b23aa32dd307d3dfcaaae467c0cc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
faaf9d1824ab55b7a3777303bb32472ac936797778b05e5760431f3d9b0e9d81
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3